[Snort-users] new rules set

Ian Macdonald secsnort at ...5528...
Fri Sep 6 10:34:04 EDT 2002


I have a linux box where I store the rules then use oinkmaster to maintain
the rule set. Once I have updated using oinkmaster I copy the files over to
the win32 machines using your favorite method samba, scp, ftp, etc. I
normally check about once a week, or when I am about to make changes to my
local rule sets. From my experience it is always good for a security
professional to have a linux/unix box handy.

If I disable a rule I enter it in the oinkmaster conf as a disabled rule, so
that I don't have to go through and manually disable the rules I don't like
after each update. I also keep my personal rules or modified rules in a
separate rules file so it will not be affected by updates to the snort.org
distribution.

That's the way I manage it.

Ian
----- Original Message -----
From: "netsec novice" <netsec9 at ...125...>
To: <snort-users at lists.sourceforge.net>
Sent: Friday, September 06, 2002 11:52 AM
Subject: Re: [Snort-users] new rules set


> What about for those of us using Win32 based systems?  What do most do in
> terms of frequency?  Do most check on a daily, weekly basis?  Sorry for the
> ignorance but can I equate rules with 'signature updates' for anti-virus
> applications?
>
>
> >From: "Ian Macdonald" <secsnort at ...5528...>
> >To: <snort-users at lists.sourceforge.net>, "Lana" <lanarao at ...5849...>
> >Subject: Re: [Snort-users] new rules set
> >Date: Fri, 6 Sep 2002 09:13:02 -0400
> >
> >http://www.snort.org/dl/signatures/, they are built daily from the CVS
> >source, make sure you pick the right rule set for your version of snort
> >
> >-stable for 1.8 and -current for 1.9
> >
> >Ian
> >
> >----- Original Message -----
> >From: "Lana" <lanarao at ...5849...>
> >To: <snort-users at lists.sourceforge.net>
> >Sent: Friday, September 06, 2002 5:18 AM
> >Subject: [Snort-users] new rules set
> >
> >
> > > Hello to everybody,
> > > where can I find the new rules set for snort?
> > > how often are they released?
> > > Thank you
> > > Lana
> > >
> > >
> > > -------------------------------------------------------
> > > This sf.net email is sponsored by: OSDN - Tired of that same old
> > > cell phone?  Get a new here for FREE!
> > > https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> >
> >
> >
>
>
>
>
>
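
Added example, not part of the original post: a check to run on the Linux box after an oinkmaster update and before copying the rules to the Win32 sensors, listing any SID that is disabled in the oinkmaster conf but still active in a rules file. It assumes the conf uses `disablesid <sid>[, <sid>...]` lines; the function names, file names, SIDs and rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an updated rules directory before copying it to sensors.
# Assumes oinkmaster.conf uses "disablesid <sid>[, <sid>...]" lines.

# Print every SID named on a disablesid line, one per line.
disabled_sids() {
    sed -n 's/^[[:space:]]*disablesid[[:space:]]//p' "$1" |
        sed 's/#.*//' | tr -cs '0-9' '\n' | grep -E '^[0-9]+$'
}

# Print disabled SIDs that are still active in DIR/*.rules.
# Returns 1 if any were found, 0 if the rule set is clean.
still_active() {
    conf=$1; dir=$2; found=0
    for sid in $(disabled_sids "$conf"); do
        # Active rule: first non-blank character is not '#'.
        if grep -q -E "^[[:space:]]*[^#[:space:]].*sid:[[:space:]]*$sid;" \
            "$dir"/*.rules 2>/dev/null; then
            echo "$sid"; found=1
        fi
    done
    return $found
}

# Write a constructed sample (made-up SIDs and rules) into directory $1.
make_sample() {
    cat > "$1/oinkmaster.conf" <<'EOF'
disablesid 1000001, 1000002
disablesid 1000003
EOF
    cat > "$1/sample.rules" <<'EOF'
# alert tcp any any -> any 80 (msg:"constructed A"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed B"; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"constructed C"; sid:1000004; rev:1;)
EOF
}

demo() {
    tmp=$(mktemp -d) && make_sample "$tmp"
    if still_active "$tmp/oinkmaster.conf" "$tmp"; then
        echo "rule set clean, safe to copy"
    else
        echo "disabled SIDs above are still active, do not copy yet"
    fi
    rm -rf "$tmp"
}
demo
```

On the constructed sample the check flags SID 1000002, which is listed as disabled but is still an uncommented rule.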




